Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(148)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/crypto_server_test.cc

Issue 1416583005: Add support of serving SCT on the server side in QUIC, gated by QUIC_VERSION_30. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@106687764
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/crypto_protocol.h ('k') | net/quic/crypto/proof_source.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <ostream> 5 #include <ostream>
6 #include <vector> 6 #include <vector>
7 7
8 #include "base/basictypes.h" 8 #include "base/basictypes.h"
9 #include "base/strings/string_number_conversions.h" 9 #include "base/strings/string_number_conversions.h"
10 #include "crypto/secure_hash.h" 10 #include "crypto/secure_hash.h"
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 : rand_(QuicRandom::GetInstance()), 108 : rand_(QuicRandom::GetInstance()),
109 client_address_(Loopback4(), 1234), 109 client_address_(Loopback4(), 1234),
110 config_(QuicCryptoServerConfig::TESTING, 110 config_(QuicCryptoServerConfig::TESTING,
111 rand_, 111 rand_,
112 #if defined(USE_OPENSSL) 112 #if defined(USE_OPENSSL)
113 CryptoTestUtils::ProofSourceForTesting()) { 113 CryptoTestUtils::ProofSourceForTesting()) {
114 #else 114 #else
115 CryptoTestUtils::FakeProofSourceForTesting()) { 115 CryptoTestUtils::FakeProofSourceForTesting()) {
116 #endif 116 #endif
117 supported_versions_ = GetParam().supported_versions; 117 supported_versions_ = GetParam().supported_versions;
118 config_.set_enable_serving_sct(true);
119
118 client_version_ = supported_versions_.front(); 120 client_version_ = supported_versions_.front();
119 client_version_string_ = 121 client_version_string_ =
120 QuicUtils::TagToString(QuicVersionToQuicTag(client_version_)); 122 QuicUtils::TagToString(QuicVersionToQuicTag(client_version_));
121 123
122 FLAGS_use_early_return_when_verifying_chlo = 124 FLAGS_use_early_return_when_verifying_chlo =
123 GetParam().use_early_return_when_verifying_chlo; 125 GetParam().use_early_return_when_verifying_chlo;
124 FLAGS_enable_quic_stateless_reject_support = 126 FLAGS_enable_quic_stateless_reject_support =
125 GetParam().enable_stateless_rejects; 127 GetParam().enable_stateless_rejects;
126 use_stateless_rejects_ = GetParam().use_stateless_rejects; 128 use_stateless_rejects_ = GetParam().use_stateless_rejects;
127 } 129 }
(...skipping 14 matching lines...) Expand all
142 nonce_hex_ = "#" + base::HexEncode(nonce_str.data(), nonce_str.size()); 144 nonce_hex_ = "#" + base::HexEncode(nonce_str.data(), nonce_str.size());
143 pub_hex_ = "#" + base::HexEncode(public_value, sizeof(public_value)); 145 pub_hex_ = "#" + base::HexEncode(public_value, sizeof(public_value));
144 146
145 // clang-format off 147 // clang-format off
146 CryptoHandshakeMessage client_hello = CryptoTestUtils::Message( 148 CryptoHandshakeMessage client_hello = CryptoTestUtils::Message(
147 "CHLO", 149 "CHLO",
148 "AEAD", "AESG", 150 "AEAD", "AESG",
149 "KEXS", "C255", 151 "KEXS", "C255",
150 "PUBS", pub_hex_.c_str(), 152 "PUBS", pub_hex_.c_str(),
151 "NONC", nonce_hex_.c_str(), 153 "NONC", nonce_hex_.c_str(),
154 "CSCT", "",
152 "VER\0", client_version_string_.c_str(), 155 "VER\0", client_version_string_.c_str(),
153 "$padding", static_cast<int>(kClientHelloMinimumSize), 156 "$padding", static_cast<int>(kClientHelloMinimumSize),
154 nullptr); 157 nullptr);
155 // clang-format on 158 // clang-format on
156 ShouldSucceed(client_hello); 159 ShouldSucceed(client_hello);
157 // The message should be rejected because the source-address token is 160 // The message should be rejected because the source-address token is
158 // missing. 161 // missing.
159 CheckRejectTag(); 162 CheckRejectTag();
160 const HandshakeFailureReason kRejectReasons[] = { 163 const HandshakeFailureReason kRejectReasons[] = {
161 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 164 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after
341 344
342 bool RejectsAreStateless() { 345 bool RejectsAreStateless() {
343 return GetParam().enable_stateless_rejects && 346 return GetParam().enable_stateless_rejects &&
344 GetParam().use_stateless_rejects; 347 GetParam().use_stateless_rejects;
345 } 348 }
346 349
347 string XlctHexString() { 350 string XlctHexString() {
348 const vector<string>* certs; 351 const vector<string>* certs;
349 IPAddressNumber server_ip; 352 IPAddressNumber server_ip;
350 string sig; 353 string sig;
354 string cert_sct;
351 #if defined(USE_OPENSSL) 355 #if defined(USE_OPENSSL)
352 scoped_ptr<ProofSource> proof_source( 356 scoped_ptr<ProofSource> proof_source(
353 CryptoTestUtils::ProofSourceForTesting()); 357 CryptoTestUtils::ProofSourceForTesting());
354 #else 358 #else
355 scoped_ptr<ProofSource> proof_source( 359 scoped_ptr<ProofSource> proof_source(
356 CryptoTestUtils::FakeProofSourceForTesting()); 360 CryptoTestUtils::FakeProofSourceForTesting());
357 #endif 361 #endif
358 if (!proof_source->GetProof(server_ip, "", "", false, &certs, &sig) || 362 if (!proof_source->GetProof(server_ip, "", "", false, &certs, &sig,
363 &cert_sct) ||
359 certs->empty()) { 364 certs->empty()) {
360 return "#0100000000000000"; 365 return "#0100000000000000";
361 } 366 }
362 367
363 std::ostringstream xlct_stream; 368 std::ostringstream xlct_stream;
364 uint64 xlct = 369 uint64 xlct =
365 QuicUtils::FNV1a_64_Hash(certs->at(0).c_str(), certs->at(0).length()); 370 QuicUtils::FNV1a_64_Hash(certs->at(0).c_str(), certs->at(0).length());
366 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct)); 371 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct));
367 } 372 }
368 373
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 "KEXS", "C255", 438 "KEXS", "C255",
434 "PUBS", pub_hex_.c_str(), 439 "PUBS", pub_hex_.c_str(),
435 "NONC", nonce_hex_.c_str(), 440 "NONC", nonce_hex_.c_str(),
436 "PDMD", "X509", 441 "PDMD", "X509",
437 "VER\0", client_version_string_.c_str(), 442 "VER\0", client_version_string_.c_str(),
438 "$padding", static_cast<int>(kClientHelloMinimumSize), 443 "$padding", static_cast<int>(kClientHelloMinimumSize),
439 nullptr); 444 nullptr);
440 // clang-format on 445 // clang-format on
441 446
442 ShouldSucceed(msg); 447 ShouldSucceed(msg);
443 StringPiece cert, proof; 448 StringPiece cert, proof, cert_sct;
444 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 449 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
445 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); 450 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
451 EXPECT_EQ(client_version_ > QUIC_VERSION_29,
452 out_.GetStringPiece(kCertificateSCTTag, &cert_sct));
446 EXPECT_NE(0u, cert.size()); 453 EXPECT_NE(0u, cert.size());
447 EXPECT_NE(0u, proof.size()); 454 EXPECT_NE(0u, proof.size());
448 const HandshakeFailureReason kRejectReasons[] = { 455 const HandshakeFailureReason kRejectReasons[] = {
449 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 456 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
450 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 457 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
458 EXPECT_EQ(client_version_ > QUIC_VERSION_29, cert_sct.size() > 0);
451 } 459 }
452 460
453 TEST_P(CryptoServerTest, TooSmall) { 461 TEST_P(CryptoServerTest, TooSmall) {
454 // clang-format off 462 // clang-format off
455 ShouldFailMentioning("too small", CryptoTestUtils::Message( 463 ShouldFailMentioning("too small", CryptoTestUtils::Message(
456 "CHLO", 464 "CHLO",
457 "VER\0", client_version_string_.c_str(), 465 "VER\0", client_version_string_.c_str(),
458 nullptr)); 466 nullptr));
459 // clang-format on 467 // clang-format on
460 const HandshakeFailureReason kRejectReasons[] = { 468 const HandshakeFailureReason kRejectReasons[] = {
(...skipping 546 matching lines...) Expand 10 before | Expand all | Expand 10 after
1007 1015
1008 strike_register_client_->RunPendingVerifications(); 1016 strike_register_client_->RunPendingVerifications();
1009 ASSERT_TRUE(called); 1017 ASSERT_TRUE(called);
1010 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); 1018 EXPECT_EQ(0, strike_register_client_->PendingVerifications());
1011 // The message should be rejected now. 1019 // The message should be rejected now.
1012 CheckRejectTag(); 1020 CheckRejectTag();
1013 } 1021 }
1014 1022
1015 } // namespace test 1023 } // namespace test
1016 } // namespace net 1024 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/crypto_protocol.h ('k') | net/quic/crypto/proof_source.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698